Plugins » Katello

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1100582
Cloned specifically for the Katello component. The SELinux setting in the default Katello Kickstart file is set to permissive, but should be enforcing.

May be blocked on bug #1100367 which will update the services in Foreman's kickstart so iptables etc are enabled after provisioning.

++ This bug was initially created as a clone of Bug #1100367 ++

Description of problem:
Default RHEL provisioning template produces system with insecure settings (selinux in permissive; services like iptables, ip6tables, auditd, restorecond, yum-updatesd are stopped; although the system is meant to be used via subscription-manager, yum-rhn-plugin is installed; )

Version-Release number of selected component (if applicable):
Satellite-6.0.3-RHEL-6-20140521.0

How reproducible:
always

Steps to Reproduce:
1. Provision guest with these provisioning templates (or just inspect them):
Kickstart default
Kickstart RHEL default
Katello Kickstart Default for RHEL

Actual results:
Not all issues are found in all templates, but what I consider most important: * system is not registered automatically * SELinux in permissive * services like iptables, ip6tables, auditd, restorecond, yum-updatesd are stopped * although the system is meant to be used via subscription-manager, yum-rhn-plugin is installed

Expected results:
After installation, system should be registered by default.
SELinux should be in enforcing
At least ip*tables services should be running with sane configuration
Just a minimal set of packages should be installed (yum-rhn-plugin and other might be probably removed)